Installation structor updates
Changed the default installation used in the linux_build.sh script to create an installer that by default installs the application data files in the /var folder instead of the user-specific folder in /home. Also made it so it will now create a system user named after the application and use that user to run the systemd service instead of the currently logged-in user. Doing this hardens system security by having the application run as an underprivileged user. This also opens up the possibility to lock down direct write access to the host database to just the internal module (in a future update). Removed the -start command line argument, leaving just the -host option to start new host instances. The -start option would start the host as the current user, so I decided to remove it as a way to encourage end users to start/stop the host via systemd.
parent
87d9eb0207
commit
4d47fd187f
|
@ -10,13 +10,12 @@ Usage: mrci <argument>
|
||||||
<Arguments>
|
<Arguments>
|
||||||
|
|
||||||
-help : display usage information about this application.
|
-help : display usage information about this application.
|
||||||
-start : start a new host instance in the background. (non-blocking)
|
|
||||||
-stop : stop the current host instance if one is currently running.
|
-stop : stop the current host instance if one is currently running.
|
||||||
-about : display versioning/warranty information about this application.
|
-about : display versioning/warranty information about this application.
|
||||||
-addr {ip_address:port} : set the listening address and port for TCP clients.
|
-addr {ip_address:port} : set the listening address and port for TCP clients.
|
||||||
-status : display status information about the host instance if it is currently running.
|
-status : display status information about the host instance if it is currently running.
|
||||||
-reset_root : reset the root account password to the default password.
|
-reset_root : reset the root account password to the default password.
|
||||||
-host : this starts a blocking host instance. for internal use only.
|
-host : start a new host instance. (this blocks).
|
||||||
-public_cmds : run the internal module to list it's public commands. for internal use only.
|
-public_cmds : run the internal module to list it's public commands. for internal use only.
|
||||||
-exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only.
|
-exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only.
|
||||||
-user_cmds : run the internal module to list it's user commands. for internal use only.
|
-user_cmds : run the internal module to list it's user commands. for internal use only.
|
||||||
|
|
|
@ -5,12 +5,12 @@ installer_file="$2"
|
||||||
|
|
||||||
src_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
src_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
||||||
bin_name="mrci"
|
bin_name="mrci"
|
||||||
app_version="2.1.2"
|
app_version="2.1.3"
|
||||||
app_name="MRCI"
|
app_name="MRCI"
|
||||||
install_dir="/opt/$bin_name"
|
install_dir="/opt/$bin_name"
|
||||||
|
var_dir="/var/opt/$bin_name"
|
||||||
bin_dir="/usr/bin"
|
bin_dir="/usr/bin"
|
||||||
tmp_dir="$HOME/.cache/mrci_build"
|
tmp_dir="$HOME/.cache/mrci_build"
|
||||||
user="$USER"
|
|
||||||
|
|
||||||
if [ ! -d "$qt_dir" ]; then
|
if [ ! -d "$qt_dir" ]; then
|
||||||
|
|
||||||
|
@ -32,14 +32,14 @@ fi
|
||||||
|
|
||||||
if [ -d "$tmp_dir" ]; then
|
if [ -d "$tmp_dir" ]; then
|
||||||
|
|
||||||
rm -rfv $tmp_dir
|
rm -rf $tmp_dir
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $? -eq 0 -a -d "$qt_dir" ]; then
|
if [ $? -eq 0 -a -d "$qt_dir" ]; then
|
||||||
|
|
||||||
mkdir -vp $tmp_dir
|
mkdir -vp $tmp_dir
|
||||||
cp -rv $src_dir/. $tmp_dir
|
cp -r $src_dir/. $tmp_dir
|
||||||
cd $tmp_dir
|
cd $tmp_dir
|
||||||
qmake -config release
|
qmake -config release
|
||||||
|
|
||||||
|
@ -68,6 +68,7 @@ if [ $? -eq 0 -a -d "$qt_dir" ]; then
|
||||||
echo "export QTDIR=$install_dir" >> $startup_script
|
echo "export QTDIR=$install_dir" >> $startup_script
|
||||||
echo "export QT_PLUGIN_PATH=$install_dir" >> $startup_script
|
echo "export QT_PLUGIN_PATH=$install_dir" >> $startup_script
|
||||||
echo "export LD_LIBRARY_PATH=\"$install_dir/lib:\$LD_LIBRARY_PATH\"" >> $startup_script
|
echo "export LD_LIBRARY_PATH=\"$install_dir/lib:\$LD_LIBRARY_PATH\"" >> $startup_script
|
||||||
|
echo "export MRCI_DB_PATH=$var_dir/data.db" >> $startup_script
|
||||||
echo "$install_dir/$bin_name \$1 \$2 \$3" >> $startup_script
|
echo "$install_dir/$bin_name \$1 \$2 \$3" >> $startup_script
|
||||||
|
|
||||||
echo "#!/bin/sh" > $setup_script
|
echo "#!/bin/sh" > $setup_script
|
||||||
|
@ -77,43 +78,57 @@ if [ $? -eq 0 -a -d "$qt_dir" ]; then
|
||||||
echo "if [ ! -d \"$install_dir\" ]; then" >> $setup_script
|
echo "if [ ! -d \"$install_dir\" ]; then" >> $setup_script
|
||||||
echo " sudo mkdir -p $install_dir" >> $setup_script
|
echo " sudo mkdir -p $install_dir" >> $setup_script
|
||||||
echo "fi" >> $setup_script
|
echo "fi" >> $setup_script
|
||||||
echo "sudo cp -rfv ./lib $install_dir" >> $setup_script
|
echo "if [ ! -d \"$var_dir\" ]; then" >> $setup_script
|
||||||
echo "sudo cp -rfv ./sqldrivers $install_dir" >> $setup_script
|
echo " sudo mkdir -p $var_dir" >> $setup_script
|
||||||
echo "sudo cp -fv ./$bin_name $install_dir" >> $setup_script
|
echo "fi" >> $setup_script
|
||||||
echo "sudo cp -fv ./$bin_name.sh $install_dir" >> $setup_script
|
echo "cp -rfv ./lib $install_dir" >> $setup_script
|
||||||
echo "sudo cp -fv ./uninstall.sh $install_dir" >> $setup_script
|
echo "cp -rfv ./sqldrivers $install_dir" >> $setup_script
|
||||||
echo "sudo cp -fv ./$bin_name.service /etc/systemd/system/$bin_name@$USER.service" >> $setup_script
|
echo "cp -fv ./$bin_name $install_dir" >> $setup_script
|
||||||
echo "sudo chmod 755 $install_dir/$bin_name" >> $setup_script
|
echo "cp -fv ./$bin_name.sh $install_dir" >> $setup_script
|
||||||
echo "sudo chmod 755 $install_dir/$bin_name.sh" >> $setup_script
|
echo "cp -fv ./uninstall.sh $install_dir" >> $setup_script
|
||||||
echo "sudo chmod 755 $install_dir/uninstall.sh" >> $setup_script
|
echo "cp -fv ./$bin_name.service /etc/systemd/system/$bin_name.service" >> $setup_script
|
||||||
echo "sudo chmod 755 $install_dir" >> $setup_script
|
echo "useradd -r $bin_name" >> $setup_script
|
||||||
echo "sudo chmod -R 755 $install_dir/lib" >> $setup_script
|
echo "chmod 755 $install_dir/$bin_name" >> $setup_script
|
||||||
echo "sudo chmod -R 755 $install_dir/sqldrivers" >> $setup_script
|
echo "chmod 755 $install_dir/$bin_name.sh" >> $setup_script
|
||||||
echo "sudo chmod 755 /etc/systemd/system/$bin_name@$USER.service" >> $setup_script
|
echo "chmod 755 $install_dir/uninstall.sh" >> $setup_script
|
||||||
echo "sudo ln -sf $install_dir/$bin_name.sh $bin_dir/$bin_name" >> $setup_script
|
echo "chmod 755 $install_dir" >> $setup_script
|
||||||
echo "sudo systemctl start $bin_name@$USER" >> $setup_script
|
echo "chmod -R 755 $install_dir/lib" >> $setup_script
|
||||||
echo "sudo systemctl enable $bin_name@$USER" >> $setup_script
|
echo "chmod -R 755 $install_dir/sqldrivers" >> $setup_script
|
||||||
echo "echo \"\nInstallation finished. If you ever need to uninstall this application, run this command:\n\"" >> $setup_script
|
echo "chmod 755 /etc/systemd/system/$bin_name.service" >> $setup_script
|
||||||
echo "echo \" sh $install_dir/uninstall.sh\n\"" >> $setup_script
|
echo "chown -R $bin_name:$bin_name $var_dir" >> $setup_script
|
||||||
|
echo "chmod -R 755 $var_dir" >> $setup_script
|
||||||
|
echo "ln -sf $install_dir/$bin_name.sh $bin_dir/$bin_name" >> $setup_script
|
||||||
|
echo "systemctl start $bin_name" >> $setup_script
|
||||||
|
echo "systemctl enable $bin_name" >> $setup_script
|
||||||
|
echo "if [ \$? -eq 0 ]; then" >> $setup_script
|
||||||
|
echo " echo \"\nInstallation finished. If you ever need to uninstall this application, run this command:\n\"" >> $setup_script
|
||||||
|
echo " echo \" $install_dir/uninstall.sh\n\"" >> $setup_script
|
||||||
|
echo "fi" >> $setup_script
|
||||||
|
|
||||||
echo "[Unit]" > $service_file
|
echo "[Unit]" > $service_file
|
||||||
echo "Description=$app_name host" >> $service_file
|
echo "Description=$app_name Host Daemon" >> $service_file
|
||||||
echo "After=network.target" >> $service_file
|
echo "After=network.target" >> $service_file
|
||||||
echo "" >> $service_file
|
echo "" >> $service_file
|
||||||
echo "[Service]" >> $service_file
|
echo "[Service]" >> $service_file
|
||||||
echo "Type=simple" >> $service_file
|
echo "Type=simple" >> $service_file
|
||||||
echo "User=%i" >> $service_file
|
echo "User=$bin_name" >> $service_file
|
||||||
|
echo "Restart=on-failure" >> $service_file
|
||||||
|
echo "RestartSec=5" >> $service_file
|
||||||
|
echo "TimeoutStopSec=infinity" >> $service_file
|
||||||
echo "ExecStart=/usr/bin/env $bin_name -host" >> $service_file
|
echo "ExecStart=/usr/bin/env $bin_name -host" >> $service_file
|
||||||
|
echo "ExecStop=/usr/bin/env $bin_name -stop" >> $service_file
|
||||||
echo "" >> $service_file
|
echo "" >> $service_file
|
||||||
echo "[Install]" >> $service_file
|
echo "[Install]" >> $service_file
|
||||||
echo "WantedBy=multi-user.target" >> $service_file
|
echo "WantedBy=multi-user.target" >> $service_file
|
||||||
|
|
||||||
echo "#!/bin/sh" > $uninstall_script
|
echo "#!/bin/sh" > $uninstall_script
|
||||||
echo "sudo systemctl -q stop $bin_name@$USER" >> $uninstall_script
|
echo "systemctl -q stop $bin_name" >> $uninstall_script
|
||||||
echo "sudo systemctl -q disable $bin_name@$USER" >> $uninstall_script
|
echo "systemctl -q disable $bin_name" >> $uninstall_script
|
||||||
echo "sudo rm -v /etc/systemd/system/$bin_name@$USER.service" >> $uninstall_script
|
echo "rm -v /etc/systemd/system/$bin_name.service" >> $uninstall_script
|
||||||
echo "sudo rm -v $bin_dir/$bin_name" >> $uninstall_script
|
echo "rm -v $bin_dir/$bin_name" >> $uninstall_script
|
||||||
echo "sudo rm -rv $install_dir" >> $uninstall_script
|
echo "rm -rv $install_dir" >> $uninstall_script
|
||||||
|
echo "chown -R root:root $var_dir" >> $uninstall_script
|
||||||
|
echo "deluser $bin_name" >> $uninstall_script
|
||||||
|
|
||||||
chmod +x $setup_script
|
chmod +x $setup_script
|
||||||
|
|
||||||
|
|
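Review bot: The generated setup script runs `chmod -R 755 $var_dir`, which leaves the data directory and the database that `MRCI_DB_PATH` points at (`$var_dir/data.db`) readable by every local account and also marks the files executable. That database presumably holds the host's account records, so the mode should be limited to the service user, for example `echo "chmod -R u=rwX,g=rX,o= $var_dir" >> $setup_script`. The same hunk drops `sudo` from every generated command without adding a root check, and the closing `if [ \$? -eq 0 ]` only reflects the exit status of `systemctl enable`, so a failed `useradd -r $bin_name` or `chown` earlier in the script goes unnoticed. A guard at the top of the generated script, `[ "$(id -u)" -eq 0 ] || exit 1`, plus stopping on the first failed step would make the outcome reliable.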
10
src/db.h
10
src/db.h
|
@ -37,25 +37,27 @@
|
||||||
#include "shell.h"
|
#include "shell.h"
|
||||||
|
|
||||||
#define APP_NAME "MRCI"
|
#define APP_NAME "MRCI"
|
||||||
#define APP_VER "2.1.2"
|
#define APP_VER "2.1.3"
|
||||||
#define APP_TARGET "mrci"
|
#define APP_TARGET "mrci"
|
||||||
|
|
||||||
#ifdef Q_OS_WIN
|
#ifdef Q_OS_WIN
|
||||||
|
|
||||||
#define DEFAULT_MAILBIN "%COMSPEC%"
|
#define DEFAULT_MAILBIN "%COMSPEC%"
|
||||||
#define DEFAULT_MAIL_SEND "echo %message_body% | mutt -s %subject% %target_email%"
|
#define DEFAULT_MAIL_SEND "echo %message_body% | mutt -s %subject% %target_email%"
|
||||||
#define DEFAULT_DB_PATH "%LOCALAPPDATA%\\%EXENAME%\\data.db"
|
#define DEFAULT_DB_PATH "%PROGRAMDATA%\\mrci\\data.db"
|
||||||
|
#define DEFAULT_WORK_DIR "%PROGRAMDATA%\\mrci"
|
||||||
|
|
||||||
#else
|
#else
|
||||||
|
|
||||||
#define DEFAULT_MAILBIN "/bin/sh"
|
#define DEFAULT_MAILBIN "/bin/sh"
|
||||||
#define DEFAULT_MAIL_SEND "-c \"echo %message_body% | mutt -s %subject% %target_email%\""
|
#define DEFAULT_MAIL_SEND "-c \"echo %message_body% | mutt -s %subject% %target_email%\""
|
||||||
#define DEFAULT_DB_PATH "$HOME/.$EXENAME/data.db"
|
#define DEFAULT_DB_PATH "/var/opt/mrci/data.db"
|
||||||
|
#define DEFAULT_WORK_DIR "/var/opt/mrci"
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define ENV_DB_PATH "MRCI_DB_PATH"
|
#define ENV_DB_PATH "MRCI_DB_PATH"
|
||||||
#define ENV_EXENAME "EXENAME"
|
#define ENV_WORK_DIR "MRCI_WORK_DIR"
|
||||||
#define ROOT_USER "root"
|
#define ROOT_USER "root"
|
||||||
#define SUBJECT_SUB "%subject%"
|
#define SUBJECT_SUB "%subject%"
|
||||||
#define MSG_SUB "%message_body%"
|
#define MSG_SUB "%message_body%"
|
||||||
|
|
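Review bot: The new Windows defaults `%PROGRAMDATA%\\mrci\\data.db` and `%PROGRAMDATA%\\mrci` put the database in a location where, with the stock ACLs on ProgramData, ordinary users can usually read files and create subfolders. Nothing visible in this commit creates that directory or restricts its ACL, so it is worth confirming that the Windows installer does so before the host first runs. I would document the requirement next to the defines, e.g. `// the installer must create this directory with access limited to the service account and Administrators`. On the Linux side the paths are now hard-coded to `/var/opt/mrci` while linux_build.sh derives them from `$bin_name`; a short comment noting that the two must stay in sync would help.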
20
src/main.cpp
20
src/main.cpp
|
@ -60,13 +60,12 @@ void showHelp()
|
||||||
txtOut << "Usage: " << APP_TARGET << " <argument>" << endl << endl;
|
txtOut << "Usage: " << APP_TARGET << " <argument>" << endl << endl;
|
||||||
txtOut << "<Arguments>" << endl << endl;
|
txtOut << "<Arguments>" << endl << endl;
|
||||||
txtOut << " -help : display usage information about this application." << endl;
|
txtOut << " -help : display usage information about this application." << endl;
|
||||||
txtOut << " -start : start a new host instance in the background. (non-blocking)" << endl;
|
|
||||||
txtOut << " -stop : stop the current host instance if one is currently running." << endl;
|
txtOut << " -stop : stop the current host instance if one is currently running." << endl;
|
||||||
txtOut << " -about : display versioning/warranty information about this application." << endl;
|
txtOut << " -about : display versioning/warranty information about this application." << endl;
|
||||||
txtOut << " -addr {ip_address:port} : set the listening address and port for TCP clients." << endl;
|
txtOut << " -addr {ip_address:port} : set the listening address and port for TCP clients." << endl;
|
||||||
txtOut << " -status : display status information about the host instance if it is currently running." << endl;
|
txtOut << " -status : display status information about the host instance if it is currently running." << endl;
|
||||||
txtOut << " -reset_root : reset the root account password to the default password shown below." << endl;
|
txtOut << " -reset_root : reset the root account password to the default password shown below." << endl;
|
||||||
txtOut << " -host : this starts a blocking host instance. for internal use only." << endl;
|
txtOut << " -host : start a new host instance. (this blocks)" << endl;
|
||||||
txtOut << " -public_cmds : run the internal module to list it's public commands. for internal use only." << endl;
|
txtOut << " -public_cmds : run the internal module to list it's public commands. for internal use only." << endl;
|
||||||
txtOut << " -exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only." << endl;
|
txtOut << " -exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only." << endl;
|
||||||
txtOut << " -user_cmds : run the internal module to list it's user commands. for internal use only." << endl;
|
txtOut << " -user_cmds : run the internal module to list it's user commands. for internal use only." << endl;
|
||||||
|
@ -110,12 +109,12 @@ int main(int argc, char *argv[])
|
||||||
|
|
||||||
serializeThread(app.thread());
|
serializeThread(app.thread());
|
||||||
|
|
||||||
QDir::setCurrent(QDir::homePath());
|
QString workDir = expandEnvVariables(qEnvironmentVariable(ENV_WORK_DIR, DEFAULT_WORK_DIR));
|
||||||
|
|
||||||
|
QDir::setCurrent(workDir);
|
||||||
QCoreApplication::setApplicationName(APP_NAME);
|
QCoreApplication::setApplicationName(APP_NAME);
|
||||||
QCoreApplication::setApplicationVersion(APP_VER);
|
QCoreApplication::setApplicationVersion(APP_VER);
|
||||||
|
|
||||||
qputenv(ENV_EXENAME, APP_TARGET);
|
|
||||||
|
|
||||||
QString err;
|
QString err;
|
||||||
QStringList args = QCoreApplication::arguments();
|
QStringList args = QCoreApplication::arguments();
|
||||||
bool dbFail = false;
|
bool dbFail = false;
|
||||||
|
@ -225,17 +224,6 @@ int main(int argc, char *argv[])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (args.contains("-start", Qt::CaseInsensitive))
|
|
||||||
{
|
|
||||||
if (dbFail)
|
|
||||||
{
|
|
||||||
soeDueToDbErr(&ret);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
QProcess::startDetached(QCoreApplication::applicationFilePath(), QStringList() << "-host");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if (args.contains("-stop", Qt::CaseInsensitive) || args.contains("-status", Qt::CaseInsensitive))
|
else if (args.contains("-stop", Qt::CaseInsensitive) || args.contains("-status", Qt::CaseInsensitive))
|
||||||
{
|
{
|
||||||
ret = shellToHost(args, app);
|
ret = shellToHost(args, app);
|
||||||
|
|
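Review bot: The return value of `QDir::setCurrent(workDir)` in the second hunk is ignored, so when the directory taken from `MRCI_WORK_DIR` (or the default) is missing or not accessible the process silently keeps whatever working directory it inherited. QDir::setCurrent returns false in that case; checking it and stopping with an error, e.g. `if (!QDir::setCurrent(workDir)) { /* report and exit */ }`, keeps relative paths from resolving somewhere unexpected. This also affects the CLI paths, since `-stop` and `-status` may be run by ordinary users whose access to the service's directory depends on the permissions the installer sets. main() starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.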